Hacking with Reverse Engineering and Defense against it


Transcript of Hacking with Reverse Engineering and Defense against it

Page 1: Hacking with Reverse Engineering and Defense against it

Reverser view to application security

Reverse Code Engineering

Page 2: Hacking with Reverse Engineering and Defense against it

Speaker Info: Krishs Patil. Holds a master's degree in computer applications. Computer programmer, reverser and hobbyist security researcher.

Page 3: Hacking with Reverse Engineering and Defense against it

Outline
- Introduction
- Reversing Process
- Tools and Techniques
- Reversing in different contexts (practice)
- Lab demonstration
- Defeating Reverse Engineering
- Resources

Page 4: Hacking with Reverse Engineering and Defense against it

Introduction
- "Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made."
- It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable.
- In computer science, it is the process of disassembling or decompiling the binary code of a computer program for various purposes.
- It requires skills and an understanding of computers and software development.

Page 5: Hacking with Reverse Engineering and Defense against it

Introduction cont… Why reverse engineering…

Different people do it for different purposes… But, specifically in the field of cyber security…

… if you want to be a serious security researcher, you must possess reverse code engineering skills.

Page 6: Hacking with Reverse Engineering and Defense against it

Reversing Process: Defining the scope of reversing…

- System reverse engineering
- Code reverse engineering
- Data reverse engineering
- Protocol reverse engineering

Page 7: Hacking with Reverse Engineering and Defense against it

Reversing Process cont… Setting up the environment…
- Set up an isolated environment (VMware, VirtualBox); take a snapshot before running an untrusted sample so the VM can be rolled back
- System monitoring (Sysinternals tools)
- Static analysis
- Dynamic analysis (debugging/tracing)

Page 8: Hacking with Reverse Engineering and Defense against it

Reversing Process cont… Disassembling vs. decompiling…
- Native code – executes directly on the CPU (compiled from C, C++, Delphi). Recovering it means disassembling machine code; decompiling it back to C is approximate, because names, types and structure are lost at compile time.
- Intermediate code – a runtime (interpreter or JIT compiler) executes it on the CPU (Java bytecode, MSIL). Decompilers recover near-original source, because the bytecode keeps class, method and type metadata.

Page 9: Hacking with Reverse Engineering and Defense against it

Reversing Process cont… Program structure…

Higher-level perspective…
- Modules
- Data
- Control flow

Lower-level perspective…
- Just assembly language!!!

Page 10: Hacking with Reverse Engineering and Defense against it

Reversing Process cont… So what do I need to know before reversing binary code...

Just a computer and a brain :) would be enough but…

… mastering it might take time if you don't know about
- Computer architecture
- Programming in assembly language and C/C++
- The operating system platform and hex numbering

Page 11: Hacking with Reverse Engineering and Defense against it

Assembly Language
- Lowest level in software
- Platform specific (IA-32, IA-64, AMD64)
- Machine code (opcodes) <-> assembly commands
- An assembler converts an assembly program into machine code that is executable by the CPU
- A disassembler is the program that converts machine code into a textual representation of assembly commands
- Mastering reversing without knowing assembly is almost impossible.

Page 12: Hacking with Reverse Engineering and Defense against it

Assembly  Language  

Page 13: Hacking with Reverse Engineering and Defense against it

Assembly  Language    Registers  

- Internal memory in the processor
- IA-32 has eight general-purpose registers (EAX, EBX, ECX, EDX, ESI, EDI, EBP and ESP)
- Floating point and debug registers
- Special register – EFLAGS for flag management
- Flags: OF, SF, ZF, AF, PF, CF (ZF is the one a reverser watches most: CMP/TEST set it and JE/JNE branch on it)

Page 14: Hacking with Reverse Engineering and Defense against it

Assembly  Language    Basic  Instructions  

- MOV – data copying
- LEA – address loading (pointer)
- ADD, SUB, MUL, DIV, IMUL, IDIV – arithmetic
- CMP, TEST – comparison (only the flags are updated, no result is stored)
- CALL, RET – function call and return
- Jcc (JE/JNE/JG…) – conditional branching on the flags
- PUSH/POP – stack management
- NOP – do nothing
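The instruction list above is exactly what a disassembler has to recover from raw bytes. As an added example (not part of the original talk), here is a toy IA-32 decoder in C that handles only the instructions named on this slide plus a few ModRM forms, run over a constructed byte sequence of a typical prologue / branch / epilogue. The opcode subset, the helper names and the sample bytes are assumptions chosen to match the slide; real tools such as IDA Pro or objdump cover the full instruction set, prefixes, SIB bytes and 32-bit displacements, which this decoder deliberately reports as "not handled".

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Register names selected by the 3-bit reg / rm fields of an IA-32 ModRM byte */
static const char *REG32[8] = {"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Render the r/m operand of a ModRM byte: mod=3 (register) or mod=1 (register + disp8, no SIB).
 * Returns the displacement bytes consumed, or -1 for the forms this toy decoder leaves out. */
static int fmt_rm(uint8_t modrm, const uint8_t *disp, size_t avail, char *buf, size_t n) {
    int mod = modrm >> 6, rm = modrm & 7;
    if (mod == 3) { snprintf(buf, n, "%s", REG32[rm]); return 0; }
    if (mod == 1 && rm != 4 && avail >= 1) {
        int d = (int8_t)disp[0];
        snprintf(buf, n, "[%s%c0x%x]", REG32[rm], d < 0 ? '-' : '+', d < 0 ? -d : d);
        return 1;
    }
    return -1;
}

/* Decode one instruction at code[0..len), located at virtual address addr. Writes the assembly
 * text to out and returns the bytes consumed, 0 if the opcode is not handled. */
size_t decode_one(const uint8_t *c, size_t len, uint32_t addr, char *out, size_t n) {
    static const char *grp1[8] = {"add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"};
    const char *mn = NULL;
    char rm[32];
    if (len == 0) return 0;
    uint8_t op = c[0];
    if (op == 0x90) { snprintf(out, n, "nop");  return 1; }
    if (op == 0xC3) { snprintf(out, n, "ret");  return 1; }
    if (op == 0xCC) { snprintf(out, n, "int3"); return 1; }            /* debugger breakpoint */
    if (op >= 0x50 && op <= 0x57) { snprintf(out, n, "push %s", REG32[op - 0x50]); return 1; }
    if (op >= 0x58 && op <= 0x5F) { snprintf(out, n, "pop %s",  REG32[op - 0x58]); return 1; }
    if (op >= 0xB8 && op <= 0xBF && len >= 5) {                         /* mov r32, imm32 */
        snprintf(out, n, "mov %s, 0x%x", REG32[op - 0xB8], (unsigned)rd32(c + 1));
        return 5;
    }
    if ((op == 0x74 || op == 0x75 || op == 0xEB) && len >= 2) {         /* jz / jnz / jmp rel8 */
        uint32_t target = addr + 2 + (int8_t)c[1];                      /* relative to the next insn */
        snprintf(out, n, "%s 0x%x", op == 0x74 ? "jz" : op == 0x75 ? "jnz" : "jmp", (unsigned)target);
        return 2;
    }
    if (op == 0xE8 && len >= 5) {                                       /* call rel32 */
        snprintf(out, n, "call 0x%x", (unsigned)(addr + 5 + (int32_t)rd32(c + 1)));
        return 5;
    }
    /* Everything below is "opcode, ModRM, optional disp8 [, imm8]" */
    if (len < 2) return 0;
    uint8_t modrm = c[1];
    int reg = (modrm >> 3) & 7;
    int dl = fmt_rm(modrm, c + 2, len - 2, rm, sizeof rm);
    if (dl < 0) return 0;
    size_t used = 2 + (size_t)dl;
    switch (op) {
    case 0x01: mn = "add";  break;                                      /* op r/m32, r32 forms */
    case 0x29: mn = "sub";  break;
    case 0x31: mn = "xor";  break;
    case 0x39: mn = "cmp";  break;
    case 0x85: mn = "test"; break;
    case 0x89: mn = "mov";  break;
    case 0x8B: snprintf(out, n, "mov %s, %s", REG32[reg], rm); return used;   /* mov r32, r/m32 */
    case 0x8D: if ((modrm >> 6) == 3) return 0;                         /* lea needs a memory operand */
               snprintf(out, n, "lea %s, %s", REG32[reg], rm); return used;
    case 0x83: if (len < used + 1) return 0;                            /* group 1: op r/m32, imm8 (sign-extended) */
               snprintf(out, n, "%s %s, 0x%x", grp1[reg], rm, (unsigned)(int32_t)(int8_t)c[used]);
               return used + 1;
    default:   return 0;
    }
    snprintf(out, n, "%s %s, %s", mn, rm, REG32[reg]);
    return used;
}

/* Constructed sample (not from any real binary): "return arg != 0" as a compiler emits it, at 0x401000 */
static const uint8_t SAMPLE[] = {
    0x55, 0x89, 0xe5, 0x83, 0xec, 0x08,        /* push ebp; mov ebp,esp; sub esp,8      */
    0x8b, 0x45, 0x08, 0x85, 0xc0, 0x74, 0x07,  /* mov eax,[ebp+8]; test eax,eax; jz     */
    0xb8, 0x01, 0x00, 0x00, 0x00, 0xeb, 0x05,  /* mov eax,1; jmp epilogue               */
    0xb8, 0x00, 0x00, 0x00, 0x00,              /* mov eax,0                             */
    0x89, 0xec, 0x5d, 0xc3                     /* mov esp,ebp; pop ebp; ret             */
};

/* Linear-sweep listing "addr: bytes  text"; returns the number of instructions decoded */
int disassemble(const uint8_t *code, size_t len, uint32_t base, char *out, size_t outsz) {
    size_t off = 0, pos = 0;
    int count = 0;
    char text[64];
    out[0] = '\0';
    while (off < len && pos + 96 < outsz) {                             /* one line never exceeds 96 bytes */
        size_t n = decode_one(code + off, len - off, base + (uint32_t)off, text, sizeof text);
        if (n == 0) {
            snprintf(out + pos, outsz - pos, "%08x: db 0x%02x  ; not handled\n", (unsigned)(base + off), code[off]);
            break;
        }
        pos += (size_t)snprintf(out + pos, outsz - pos, "%08x: ", (unsigned)(base + off));
        for (size_t i = 0; i < n; i++) pos += (size_t)snprintf(out + pos, outsz - pos, "%02x ", code[off + i]);
        pos += (size_t)snprintf(out + pos, outsz - pos, " %s\n", text);
        off += n;
        count++;
    }
    return count;
}

static char g_listing[2048];
int disassemble_sample(void) { return disassemble(SAMPLE, sizeof SAMPLE, 0x401000, g_listing, sizeof g_listing); }
const char *sample_listing(void) { return g_listing; }
const char *decode_text(const uint8_t *c, size_t len, uint32_t addr) {  /* single-instruction helper */
    static char buf[64];
    if (decode_one(c, len, addr, buf, sizeof buf) == 0) snprintf(buf, sizeof buf, "?");
    return buf;
}

int main(void) {
    disassemble_sample();
    fputs(g_listing, stdout);
    return 0;
}
```

The listing shows the pattern every cracking lab turns on: a TEST that sets ZF, a JZ that chooses the failure path, and the MOV that loads the return value. Branch targets are computed relative to the end of the branch instruction, which is why hand-patching a JZ to a JNZ (0x74 to 0x75) leaves the target unchanged.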

Page 15: Hacking with Reverse Engineering and Defense against it

System Calls
- Used as the interface between application and operating system.
- System calls ask the OS to perform a specific task.
- Most operating systems are written in C, so system calls are exposed as C APIs:
  - *NIX system calls – unistd.h
  - Windows – windows.h (the Win32 API; the real NT system calls sit below it in ntdll.dll)
- Studying the OS platform and its system calls is a necessary part of reverse engineering.

Page 16: Hacking with Reverse Engineering and Defense against it

PE  –  Portable  Executable  file  
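The PE slide is an image in the original. As an added example (not from the talk), the following C walks the PE headers the way a static-analysis tool does: DOS header, e_lfanew, the "PE\0\0" signature, the COFF header and the section table, with every offset bounds-checked against the file size, because a malformed or hostile file is the first thing a parser meets. It then computes the Shannon entropy of each section's raw data, the usual first check for a packed or encrypted section. The image it parses is constructed in memory (minimal PE32 headers, a repetitive .text and a keystream-filled .upx1 standing in for a packed section); the section names, the 7.0 threshold and the xorshift keystream are assumptions, not measurements from any real packer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    char name[9];
    uint32_t vaddr, raw_off, raw_size;
    double entropy;                      /* bits per byte of the raw section data, 0..8 */
} pe_section_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* log2 without <math.h> (so no -lm): normalise into [1,2), then pull fraction bits out by squaring */
static double log2_approx(double x) {
    double r = 0.0, bit = 0.5;
    while (x >= 2.0) { x /= 2.0; r += 1.0; }
    while (x < 1.0)  { x *= 2.0; r -= 1.0; }
    for (int i = 0; i < 40; i++) { x *= x; if (x >= 2.0) { x /= 2.0; r += bit; } bit /= 2.0; }
    return r;
}

/* Shannon entropy of a buffer: compressed/encrypted data sits near 8, code and text well below */
double shannon_entropy(const uint8_t *d, size_t n) {
    size_t hist[256] = {0};
    double h = 0.0;
    for (size_t i = 0; i < n; i++) hist[d[i]]++;
    for (int b = 0; b < 256 && n; b++)
        if (hist[b]) { double p = (double)hist[b] / (double)n; h -= p * log2_approx(p); }
    return h;
}

/* Rule of thumb used by many triage tools; the threshold is an assumption, tune it per corpus */
int looks_packed(const pe_section_t *s) { return s->entropy > 7.0; }

/* Walk DOS header -> e_lfanew -> "PE\0\0" -> COFF header -> section table. Every offset is checked
 * against len because a hostile file can point anywhere. Returns section count, or -1 if malformed. */
int pe_sections(const uint8_t *buf, size_t len, pe_section_t *out, int max) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint64_t pe = rd32(buf + 0x3c);                                /* e_lfanew */
    if (pe + 24 > len || memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    const uint8_t *coff = buf + pe + 4;
    int nsec = rd16(coff + 2);                                     /* NumberOfSections */
    uint64_t table = pe + 24 + rd16(coff + 16);                    /* skip SizeOfOptionalHeader */
    if (nsec > max || table + (uint64_t)nsec * 40 > len) return -1;
    for (int i = 0; i < nsec; i++) {
        const uint8_t *s = buf + table + (size_t)i * 40;           /* IMAGE_SECTION_HEADER */
        memcpy(out[i].name, s, 8); out[i].name[8] = '\0';
        out[i].vaddr = rd32(s + 12); out[i].raw_size = rd32(s + 16); out[i].raw_off = rd32(s + 20);
        if ((uint64_t)out[i].raw_off + out[i].raw_size > len) return -1;   /* raw data outside the file */
        out[i].entropy = shannon_entropy(buf + out[i].raw_off, out[i].raw_size);
    }
    return nsec;
}

/* Constructed minimal PE32 image (headers plus two sections, not loadable): a repetitive ".text"
 * and a keystream-filled ".upx1" standing in for a packed section. Offsets follow the PE/COFF spec. */
#define SAMPLE_LEN 0xB00
static uint8_t g_img[SAMPLE_LEN];
static pe_section_t g_secs[16];

static void build_sample_pe(uint8_t *img) {
    static const uint8_t prologue[] = {0x55, 0x89, 0xe5, 0x5d, 0xc3};
    uint32_t x = 0x2545F491;                                       /* xorshift32 seed (arbitrary) */
    memset(img, 0, SAMPLE_LEN);
    img[0] = 'M'; img[1] = 'Z'; wr32(img + 0x3c, 0x40);            /* DOS header, e_lfanew = 0x40 */
    memcpy(img + 0x40, "PE\0\0", 4);
    wr16(img + 0x44, 0x14c); wr16(img + 0x46, 2);                  /* Machine i386, NumberOfSections */
    wr16(img + 0x54, 224); wr16(img + 0x56, 0x0102);               /* SizeOfOptionalHeader, Characteristics */
    wr16(img + 0x58, 0x10b);                                       /* optional header Magic = PE32 */
    uint8_t *sec = img + 0x40 + 24 + 224;                          /* section table at 0x138 */
    memcpy(sec, ".text\0\0\0", 8);
    wr32(sec + 8, 0x100); wr32(sec + 12, 0x1000); wr32(sec + 16, 0x100); wr32(sec + 20, 0x200);
    wr32(sec + 36, 0x60000020);                                    /* CODE | EXECUTE | READ */
    memcpy(sec + 40, ".upx1\0\0\0", 8);
    wr32(sec + 48, 0x800); wr32(sec + 52, 0x2000); wr32(sec + 56, 0x800); wr32(sec + 60, 0x300);
    wr32(sec + 76, 0xE0000040);                                    /* INITIALIZED_DATA | EXECUTE | READ | WRITE */
    for (size_t i = 0; i < 0x100; i++) img[0x200 + i] = prologue[i % sizeof prologue];
    for (size_t i = 0; i < 0x800; i++) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; img[0x300 + i] = (uint8_t)(x >> 24); }
}

int analyze_sample(void) {                      /* build, parse and cache; returns section count or -1 */
    build_sample_pe(g_img);
    return pe_sections(g_img, SAMPLE_LEN, g_secs, 16);
}
const char *sample_section_name(int i) { return g_secs[i].name; }
double sample_section_entropy(int i)   { return g_secs[i].entropy; }
int sample_section_packed(int i)       { return looks_packed(&g_secs[i]); }
int reject_non_pe(void) {                       /* negative case: no "MZ" => refused, never walked */
    pe_section_t tmp[16];
    return pe_sections(g_img + 1, SAMPLE_LEN - 1, tmp, 16) == -1;
}

int main(void) {
    int n = analyze_sample();
    for (int i = 0; i < n; i++)
        printf("%-8s raw=0x%x size=0x%x entropy=%.2f%s\n", g_secs[i].name, (unsigned)g_secs[i].raw_off,
               (unsigned)g_secs[i].raw_size, g_secs[i].entropy, looks_packed(&g_secs[i]) ? "  <- likely packed" : "");
    return 0;
}
```

A section whose entropy is close to 8 bits per byte, combined with a writable and executable section and a tiny import table, is the classic signature of a packed binary: the real code only exists after the unpacking stub has run, so static disassembly of the file on disk shows the stub and nothing else, and the reverser has to move to dynamic analysis (run to the original entry point, then dump).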

Page 17: Hacking with Reverse Engineering and Defense against it

Tools and Techniques
- Various tools help in reverse-engineering binary code/programs.
- A compiler is the tool used to convert a high-level language like C/C++ into machine code.
- An assembler is the tool used to convert processor-specific assembly source into machine code.
- In reverse, disassemblers and decompilers help us undo that process, recovering assembly or high-level code from machine code.
- Debuggers are the tools used to inspect a live, running program.
- Virtual machines help by providing a protected/isolated environment for analysis.

Page 18: Hacking with Reverse Engineering and Defense against it

Tools and Techniques cont… The broad categories of tools are divided into two:
- Static analysis tools
  - Tools that help us analyse a program without even running it.
  - Includes disassemblers and decompilers
- Dynamic analysis tools
  - Tools in this category help us dive deep into a program by analysing it while it runs.
  - Includes debuggers, loaders and system monitoring tools

Page 19: Hacking with Reverse Engineering and Defense against it

Tools and Techniques cont…
- Compilers (Visual C++ compiler, GCC compiler suite, .NET Framework)
- Assemblers (MASM, NASM, TASM, FASM)
- Disassemblers and debuggers (IDA Pro, OllyDbg, Immunity Debugger, WinDbg)
- Hypervisors (VMware Workstation/Player, VirtualBox, QEMU)
- System monitoring with Sysinternals tools
- Hex editors and other system utilities

Page 20: Hacking with Reverse Engineering and Defense against it

Tools  and  Techniques  Cont…  

Page 24: Hacking with Reverse Engineering and Defense against it

RCE in various contexts: Time to understand field work!!!
- Cracking (illegal/unethical)
- Malware analysis
- Vulnerability analysis (exploit development)
- Clean-room RE (Chinese wall)
- Recovering lost source code (legacy)
- Investigating and fixing the cause of faults in released software (Microsoft Global Escalation Support team)

Page 25: Hacking with Reverse Engineering and Defense against it

Cool, huh… Let's play around with some practical reversing lab exercises. Let's see some cool stuff :)

Page 26: Hacking with Reverse Engineering and Defense against it

Lab – Cracking for a serial.
- This is purely for demonstration and educational purposes.
- Anything you do to obtain or provide a fake registration key for software is considered cracking and a serious offence.
- In the lab we are going to study and recover the serial key and defeat the registration mechanism in various ways.
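As an added example (not the talk's lab binary, which is not reproduced here), below is a constructed crackme in C together with two of the "various ways" a lab like this defeats registration. The registration check uses a hypothetical name hash assumed for illustration; beside it sits the keygen that reproduces the hash once the loop has been read out of the disassembly, and a byte patch that flips the conditional jump after the check. The function names, the hash and the caller stub are all assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* --- the "target": the registration check as a crackme author might write it --- */

/* Hypothetical key schedule: a 32-bit hash of the user name, printed as XXXX-XXXX.
 * In the disassembly this loop is unmistakable: multiply by 33, xor with the byte, shift, xor. */
static uint32_t name_hash(const char *name) {
    uint32_t h = 0x1505;
    for (; *name; name++) {
        h = (h * 33) ^ (uint8_t)*name;
        h ^= h >> 7;
    }
    return h;
}

/* Returns 1 for a valid name/serial pair, 0 otherwise. The branch on this return value is
 * what a patcher attacks; the hash is what a keygen reproduces. */
int check_serial(const char *name, const char *serial) {
    char expected[10];
    uint32_t h = name_hash(name);
    snprintf(expected, sizeof expected, "%04X-%04X", (unsigned)(h >> 16), (unsigned)(h & 0xffff));
    return strcmp(expected, serial) == 0;
}

/* --- way 1: keygen, once the algorithm has been recovered from the disassembly --- */
const char *keygen(const char *name) {
    static char serial[10];                 /* static buffer: fine for a demo, not reentrant */
    uint32_t h = name_hash(name);
    snprintf(serial, sizeof serial, "%04X-%04X", (unsigned)(h >> 16), (unsigned)(h & 0xffff));
    return serial;
}

/* --- way 2: patch the branch. "test eax,eax / jz rel8" (85 c0 74 xx) after the check call
 * becomes jnz (75), so a wrong serial now takes the "registered" path. --- */
int patch_test_jz(uint8_t *code, size_t len) {
    int patched = 0;
    for (size_t i = 0; i + 2 < len; i++) {
        if (code[i] == 0x85 && code[i + 1] == 0xc0 && code[i + 2] == 0x74) {
            code[i + 2] = 0x75;
            patched++;
        }
    }
    return patched;
}

/* Constructed caller stub (not real compiler output): call check_serial; test eax,eax; jz bad; ... */
static const uint8_t STUB[] = {
    0xe8, 0x00, 0x00, 0x00, 0x00,   /* call check_serial (rel32 left as zero here)   */
    0x85, 0xc0,                     /* test eax, eax                                */
    0x74, 0x0a,                     /* jz  <bad-serial path, outside this stub>     */
    0xb8, 0x01, 0x00, 0x00, 0x00,   /* mov eax, 1   (registered)                    */
    0xc3                            /* ret                                          */
};

/* Patch a copy of STUB; returns the opcode now sitting where the jz was (0x75 on success) */
int demo_patch(void) {
    uint8_t copy[sizeof STUB];
    memcpy(copy, STUB, sizeof STUB);
    return patch_test_jz(copy, sizeof copy) == 1 ? copy[7] : -1;
}

int main(void) {
    const char *s = keygen("krishs");
    printf("serial for krishs: %s -> check %d, wrong key -> %d, patched jz opcode -> 0x%02x\n",
           s, check_serial("krishs", s), check_serial("krishs", "0000-0000"), demo_patch());
    return 0;
}
```

A third way, not shown, is serial fishing: set a breakpoint on the string compare in the debugger and read the expected serial out of the register it was just computed into; it needs no understanding of the algorithm at all. The defences follow directly from the attacks: never compare against a plaintext serial held in memory, never let a single branch decide registration, and verify a license with a signature that a keygen cannot forge from the hash alone.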

Page 27: Hacking with Reverse Engineering and Defense against it

Defeating RE
- A lot of research has been done; there are many ways to make the reversing process harder.

… But no solution is 100% perfect and secure.

Page 28: Hacking with Reverse Engineering and Defense against it

Defeating RE cont… Software armoring: Obfuscation

"The deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand" -- Wikipedia

Page 29: Hacking with Reverse Engineering and Defense against it

Defeating RE cont… Some techniques for anti-analysis…
- Packers (compression)
- Protectors (encryption)
- Anti-debugging
- Garbage code and code permutation
- Anti-disassembly
- Hypervisor/emulator detection
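As an added example (not from the talk), here is what two of the anti-debugging checks in the list look like in C: the OS-level "is someone attached" query (IsDebuggerPresent on Windows, which reads PEB->BeingDebugged; the TracerPid field of /proc/self/status on Linux) and the PTRACE_TRACEME trick, which fails because a process can have only one tracer. The status texts are constructed to look like abridged /proc/self/status output, and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#elif defined(__linux__)
#include <sys/ptrace.h>
#endif

/* Parse "TracerPid:\t<n>" out of the text of /proc/<pid>/status.
 * Returns the tracer's pid (0 = not traced), or -1 if the field is absent (e.g. no procfs). */
int tracer_pid_from_status(const char *status) {
    const char *p = strstr(status, "TracerPid:");
    if (!p) return -1;
    return atoi(p + strlen("TracerPid:"));
}

/* Check 1: ask the OS whether somebody is attached */
int debugger_attached(void) {
#ifdef _WIN32
    return IsDebuggerPresent() ? 1 : 0;         /* reads PEB->BeingDebugged */
#else
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;                            /* no procfs: treat as unknown, not as debugged */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) > 0;
#endif
}

#if defined(__linux__)
/* Check 2: only one tracer per process is allowed, so PTRACE_TRACEME fails under a debugger.
 * Side effect: on success the parent becomes our tracer, so call it once, early, and never from a test. */
int ptrace_self_check(void) {
    return ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1;
}
#endif

/* Constructed status texts (abridged /proc/self/status), used for the offline checks below */
static const char STATUS_CLEAN[]  =
    "Name:\tcrackme\nState:\tR (running)\nPid:\t4000\nPPid:\t1\nTracerPid:\t0\nUid:\t1000\n";
static const char STATUS_TRACED[] =
    "Name:\tcrackme\nState:\tt (tracing stop)\nPid:\t4000\nPPid:\t4242\nTracerPid:\t4242\nUid:\t1000\n";

int main(void) {
    printf("constructed clean status  -> tracer %d\n", tracer_pid_from_status(STATUS_CLEAN));
    printf("constructed traced status -> tracer %d\n", tracer_pid_from_status(STATUS_TRACED));
    printf("this process: %s\n", debugger_attached() ? "debugger attached" : "no debugger");
    return 0;
}
```

A reverser defeats both checks by patching the conditional jump after the call or by hiding the tracer (an LD_PRELOAD wrapper around ptrace, a debugger plugin that zeroes BeingDebugged, a kernel that reports TracerPid 0), which is why the slide's caveat holds. The practical mitigation is to spread several different checks through the code and feed their results into something the program needs (a decryption key, an index, a pointer computation) rather than into one obvious branch, so that a patched check produces wrong behaviour later instead of an immediate, easily found exit.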

Page 30: Hacking with Reverse Engineering and Defense against it

Defeating  RE  Cont…  

Page 31: Hacking with Reverse Engineering and Defense against it

Defeating RE cont… Advanced technologies…

- Mutation (polymorphic/metamorphic code that changes its own instruction sequence between builds or runs while keeping the same behaviour, so byte patterns and patches do not carry over)
- Code virtualization (native code is translated into bytecode for a custom VM shipped inside the program; the reverser must first reverse the VM's interpreter before the protected logic becomes readable)

Page 32: Hacking with Reverse Engineering and Defense against it

Resources
- Reversing: Secrets of Reverse Engineering (by Eldad Eilam)
- Microsoft Windows Internals (by Mark Russinovich and David Solomon)
- Reverseme.de – cool reverseme.exe collections
- InfoSec Institute resources – cool articles on security
- NtDebugging blog (Microsoft Global Escalation Support team) – fine-grained exposure to Windows internals
- And finally some good books on x86 assembly, tutorials and references.

Page 33: Hacking with Reverse Engineering and Defense against it

Questions??? Is there still anything nagging at you?

Page 34: Hacking with Reverse Engineering and Defense against it

Hope  you  enjoyed  it.  

Thank  you!!!